The Singularity is Here: Are Your Deployments Ready? @ DevOpsStars2022

good evening everyone this is mike
rosado
with devops live meetup and
from dallas texas uh just want to give
you
a few uh ads or a few
advertisements uh before we get started
with our speaker
uh just to let everybody know that
devops days
dallas dfw was postponed till
uh next year august 2022 if you didn’t
know it uh
just visit our website at devopsage.org
and but you know there’s still a lot of
virtual events happening for devops days
so you know just go out to
devopsnaves.org and just
join any any of the uh
live events that are going to be
streaming online so
don’t miss out on any of those um but
without further ado i’m gonna go ahead
and bring on
here we go we have stephen chin and he’s
with jfrog
and tonight he’s gonna be talking to us
about singularity is here and
you know are your deployments ready so
uh we’ll go ahead and let him
let him say a little bit about himself
and then if everybody can please
post your questions and save them till
the
end of the um the presentation
then we’ll do like a live q a session
but
without further ado thanks thanks steven
for joining us this evening
hey now thanks thanks very much for
having me um it’s a it’s a pleasure to
be able to speak at
devops live and it’s been it’s been a
while since um
i’ve spoken at a group in in dallas um i
know
the folks who run the dallas java user
group quite well
and i’ve i’ve been out there and i think
i did a tour through dallas
and austin and houston all kind of in
one big
one big swoop out there
yeah definitely definitely we’ll have to
have you out sometime in the in the near
future
yeah and it sounds like you’re live your
live event next year should be great as
well i’m looking forward to
lots of in-person and hybrid conferences
um in 2022 so it should be yes
back in 2019 we had about 635 attendees
so
we’re working on that it’s going to be a
great event this year no that’s not
going to be that’s going to be awesome
so yeah hopefully it can be out for that
yeah i also want to let everybody from
devops live
know that hopefully next month we’re
going to be going
back to improving live so
uh if anybody wants to join us at
improving in in plano you you know where
it is
uh we’ll post the the address on the
next event
when it comes up but without further ado
i’ll leave you steven with
with this and let me put your
presentation up here
cool thanks very much thank you yeah
thanks for the introduction and i run
the
developer relations team at jfrog
um so i i’ve been a long time customer
of of jfrog an artifactory user
was doing devops before before we even
had a word for what devops was so i
think
for a lot of folks who’ve been doing
operations and automation
and figuring out how to how to speed up
deployments um
devops is just the natural evolution of
that and
hopefully in the presentation today i’ll
teach you a little bit about
what’s upcoming um like different ways
of thinking about the future of
devops and we’ll have a little bit of
fun so feel free to
you know play along with the memes um
shout out and chat
and um well we’ll have a nice discussion
after the presentation about all sorts
of stuff
now in addition we have cool stuff for
folks who
are joining us for the live presentation
so um
you get the chance to win both the jfrog
t-shirt and the liquid software book
um so don’t worry about recording or
writing down stuff all the slides
will be posted and the presentations be
recorded on youtube
so we’ll post a video tube if you um use
that qr code to
the the jfrog site that we have for the
events
also you can rate the talk on that site
and renter a chat raffle
for one of ten t-shirts
and liquid software book combos um so it
should be a lot of fun
um i looked at the the meetup
registration i think
folks attending have a very a very high
chance
of winning one or one or both of these
so um make sure that you check it out
and um say hi to us as well
and getting to the the talk so
i i think when you when you look at our
industry
just the last century has seen this
tremendous
acceleration in the pace of technology
um i remember back when i was a kid i
was growing up
on my first computer was a
commodore vic-20
which greeted you with a nice a nice
basic prompt
in my opinion the the the early
computers were the best because
they encouraged you to to actually
program and to learn how computers
worked
um whereas modern computing devices like
my kids have have ipads and iphones and
in comparison when when they want to
write a program when they want to do
something like actually like like
like learn how their device works you
have to install xcode
and you have to get an apple developer
license yada yada yada there’s a whole
lot of ceremony as opposed to the old
computers which just showed you a basic
prompt so in my opinion
folks folks who grew up with all of this
computing technology actually are ahead
of the game because we
we learned how it actually works and how
computers are designed and how to
take them forward and the the rate of
innovation
if you look at it it’s been 8 000 years
between the agriculture and the
industrial revolution
120 years from industrial revolution
until we got the light bulb
90 years to the moon landing but then
the web
genome sequencing and the the rapid
evolution of computing power has just
been in the past
decade so we’re easily moving towards
the place where moore’s law is applied
to computers
and the collective intelligence of
computers
exceeds that of of not only um small
mammals but also the human brain and the
equivalence
um intelligence of the entire human race
so where where does this what what are
the conditions
that are needed for this actually to
take place where the the
computers suddenly become more
intelligent than
than us humans now the first thing is
you you need a lot of data
and um there’s actually there is a whole
lot of data
in the digital world as of 2020 there’s
6.8 times 10 to the 21st bytes
so that’s that’s a lot exabytes worth of
data which are available to store
information
and from a from a human perspective we
can already store
all the human genome which is 7.2
billion humans 6.2 billion nucleotides
that’s 1 times 10 to the 19th byte so we
can already store all of that
information
if you count all of the the earth that’s
1.325
times 10 to the 37th so we’re not quite
there but we’re getting to the point
where you can basically model the planet
digitally
and so the next thing is when how fast
are computers and technical advancements
happening
and you know with modern with with um
classic computers which
are predominantly um
kind of kind of single threaded state
machines
you can only get so fast but with
quantum computing
and with different advances which we
have
in parallel computation like tensor
processing units
you get a huge increase in the
collective
power of computing and the ability to
model
problems which are np-complete and are
extremely hard to solve
so the google’s tensor processing units
they released version four
and that a cluster of version four tpus
will give you one
extra flop of computational power which
is
tremendous and even quantum computing
there
when i um first looked into this we were
up to the the 60s in terms of qubits now
we’re up to 127 qubits
so quantum computing is really taking
leaps and bounds forward in terms of
being able to solve extremely hard
problems which
help us to model and you know solve hard
problems in aiml
so we have data we have brains
the next thing we need is we need hands
we need the ability to actually
um do automation of technology
and an example of this is self
replicating
3d printers so i i love playing around
with 3d printers it’s a great hobby
project
horrible waste of time if you want to be
productive
but we’re starting to come out with self
replicating 3d printers which can print
90 percent of the components which make
up the 3d printer itself
so that’s amazing technology applied at
a hobby scale
obviously you know industrial
applications of this are even farther
along with printing circuit boards
printing
metal components and when we get to the
point where you can actually
have machines replicating machines and
you have full automation
of technology the computers are smarter
than us
the computers know more about us than we
know
i think we all we all know where this
goes and this
this is basically um the same as as our
favorite
80s movie
in the 21st century a weapon will be
invented
like no other so i hope the sound’s
coming through just in case i’ll bump up
the volume
versatile and indestructible
it can’t be reasoned with it can’t be
bothered with
it will feel no pity no remorse
no pain no fear
it will have only one purpose
to return to the presence and prevent
the future this weapon
will be called the terminator
so you can see that it’s all it’s all
been preordained
um skynet’s coming for all of us um
and it’s it’s it’s pretty smart as well
so
if you if you look at this isn’t that
far off so if you look at
the collective growth of human
intelligence
versus machines human intelligence has
not
been increasing very rapidly um machines
in the past um just just the past 50
years have
the intelligence has accelerated
tremendously and where the
where the two lines cross here is the
singularity although there’s there’s one
little problem with this
um so i modeled this with human
intelligence going going up and i
actually think if you look at the
the recent events you’d probably want to
do this and
slightly adjust the the line for human
intelligence
um so by the year 2040
we’re easily looking at machines are
more powerful and
know more about um everything than than
humans do
so let’s let’s take a quick glimpse into
what things will look like
in the year 2040 using our our handy
dandy terminator time machine adjusted
slightly by the um the wonderful
engineers at jfrog we’ll
we’ll set the date to the year 2040 kick
off our machine
and let’s see let’s see what the future
has in store for all of us
okay so apparently we we haven’t quite
gotten rid of our old
our old televisions um this actually
for those for those of you who have nice
curved monitors where it curves around
you
this is the proper curve the opposite
curve this was this they got this right
early on in tvs with the the proper
curve and clearly we can see the news
report here that the united nations has
recognized the first
autonomous serverless life form
so you you know it’s it’s eventually
when they when the
computers get smarter than us um we we
will gracefully
um embrace our new overlords and you
know don them as being a first-class
life form so i think this is
this shows promise for humanity that
we’re not fighting the robots that we’re
embracing the robot so this is
this is good news um
okay so here we have the the first
over-the-air update being blocked
or over-the-air update helping to block
a terrorist attack so this is
this is awesome as well um the airline
industry is probably
one of the slowest in terms of embracing
new technology if you’ve been in
an airplane recently which you probably
haven’t
um you see heavily outdated um
software systems even the infotainment’s
quite bad
but the machines can help accelerate
this and
one of the challenges is pushing
software updates and pushing technology
to the edge how do you get
software updates on all the iot devices
all the home automation devices
the number of devices in the world is
just growing exponentially with billions
of devices that need to be updated
and if you don’t update your devices if
you’re not pushing updates to the edge
by the fact you’re using open source
software and you’re using software which
um continually has new exploits found in
it
you’re putting yourself and your
customers at risk so it’s good that
we’re finally
taking the leap to update cars to update
planes to update devices at the edge
with the
the computing power of the um
the new ai overlords who actually can
calculate this and
and perfectly deploy without crashing
planes so that’s great
and then the next headline crop
computing i think you know we’ve all
we all saw this coming um corn isn’t
just good for power
it’s good for producing microchips and
computational capabilities so of course
this is this is great if you see the
matrix they’re not growing humans for
power they’re
they’re growing corn um so i think this
is a good
this is again a good sign for the future
of humanity
now as i saying the number of devices
out there in the world is
humongous so there’s by the year 2025
there will be more than 30 billion iot
devices
in the world and this is growing
exponentially
and the challenge is how do you
securely deploy and continuously update
all of these devices
at the edge such as your your car your
infotainment system
so if you have a smart car you know that
every couple weeks
tesla’s dropping new updates to your
vehicle
um your smart tv or you know hopefully
your
your um your smart tvs
um external device because as we know
smart tvs aren’t actually that smart
they get updated fairly and frequently
cell phones and cell phones have
basically set the standard for
continuous updates and features so what
what drives expectation from consumers
about expectations on software delivery
velocity
a lot of this is the experience they get
on their cell phone where
they’re being updated continually and
you often don’t even know what version
of phone or software on the phone that
you’re running because
it’s just all transparent to you and
your phone’s being updated and kept
secure
um by being connected to the network and
continually getting new updates
and the last one is smart fridges which
um again aren’t actually that smart but
maybe in the future the robots will fix
this for us
so when you want to update your device
kind of this is the thought process that
we all go through so new updates
available
do you want it now if you don’t want the
update you can skip or defer
sometimes if you do want the update then
you have to think well
i want these new features this is like
something which as a as a consumer i
want to get these new features or if i’m
deploying enterprise software i need to
take advantage of new apis new
frameworks new capabilities
but is it risky maybe it’s risky do you
do you trust
it or do you trust the person who built
the updates um
and often it’s not even a question of
trust because
you know you can’t trust other companies
or external entities you have to verify
it
and this is where it becomes quite
challenging because there’s often a
costly verification to do software
updates especially with large enterprise
systems
and this becomes a a bottleneck in the
entire
software delivery process when you you
have the
the weakest link in the system um us
us poor humans doing software
verification and trying to
figure out and do quality control figure
out things work while the the robots
have already made everything else around
them so um
we need to get out of the situation
where there’s a bottleneck of human
intervention
and fully automate the processes so it
becomes seamless
for us to do continuous updates to
accept new security patches to accept
new software
and to to move forward the process for
how we actually build software so if you
if you look at this from uh from a model
perspective you want to have of course a
continuous integration server where
you’re continually running builds
so hopefully you’re already using
something for this
like um like jenkins
or circle ci or jfrog pipelines or one
of the other great ci
software solutions out there and this
will help you to then
release to a package management system
like artifactory
where you can store your packages
securely you can do
security and vulnerability scans on it
make sure that your binaries are
entirely secure
and this helps you with quality gates as
you go through different stages so
maybe first you release to an
integration server you have certain
quality requirements for
releasing to your integration systems
which then allow it to be
upgraded to a system testing state
and again you can do additional
verifications
um acceptance checks and automated
testing
if it passes that then you go into a
staging environment
which should be as close to production
as possible
to make sure there’s no production
issues and then finally deployed to
production and ideally all this is
automated
it’s seamless and then as you progress
to different quality gates
you end up only releasing software which
is stable secure
and allows your customers to be
certain that you have a secure update
and then you get to the nirvana of
security of
software delivery where rather than
asking the user if they want the updates
you just update people because it’s
automated it’s seamless it’s secure
and if this helps your your end users
whether they’re consumers or enterprise
businesses to consume the latest version
of software
continually without worrying about
verifying doing costly verifications of
updates and without the humans
getting in the way of the machines which
can do a much more efficient job of all
this testing
so the the um the biggest challenge in
all this
and the one of the problems is the
solving is
security vulnerabilities um this
basically has become the new oil spill
of the um 2020s of the what was i put us
in the 20th
20th century 21st 22nd
21st century okay i’m bad with my
centuries
but um basically when you’re looking at
it
vulnerabilities are one of the highest
risks to
modern software companies of anything
and there’s there’s some very high
profile vulnerabilities which have
happened recently
such as the um equifax data breach
so this happened a few years ago but um
it was still all in our minds because it
affected all of the consumers
in the world and there was an estimated
1.4 billion dollars in cleanup costs
that were associated with the security
breach and 1.38 billion in consumer
claims
so this is a billion dollar security
breach
which was caused by an apache struts
vulnerability cv
2017-5638 and this wasn’t even in their
main production system this was in
one of their other servers that were
running some other infrastructure
they used that as a back door to get
into the equifax servers
they then did a few hops internally in
the network to get access to the
consumer database
and they had several months before this
was discovered where they had time to
pull data out of the network and
eventually they identified it by
the data breach tracing back the data to
the to the server which was compromised
and it was only a couple days once they
realized that they were compromised to
actually do the fix
but the end result was 143 million
customers were impacted by this and it
was a multi-billion dollar
um data breach now you’re probably
thinking this is this is back in 2017.
this doesn’t happen anymore right
so just this year the solarwinds breach
happens
earlier this year and again this was a
security breach where they got into the
solarwinds network they got into their
ci cd server
they happened to be running team city
but it actually wasn’t the ci cd
technology which was the problem
it was the fact that the attackers got
in and they were able to inject
the vulnerable code between when the
source was built
and when the binaries were signed and
delivered so to an end user who received
the hacked solarwind binaries
it looked like a verified release which
had been verified by solarwinds
because they didn’t have the right
security practices in place they
actually had malicious code injected
into it those got into customers
systems and those were used as a back
door to then get into those customer
networks and to attack
um their end consumers so again this was
a huge data breach
um this is what kicked off the latest
round of government
mandates around s-bombs security
standards
um one of the best ways to get an s-bom
and to build out your
um your library of all the components is
by using again a package management
system like artifactory which will tell
you what all your dependencies are
we’ll give you build info on that and
can help you to
to avoid situations like this because
the the farther you get into um
production
into end state systems the more costly
it is to fix
problems so ideally what you want to do
is
shift all of your your security checks
your vulnerability databases and your
testing as far left as possible
if you can identify it in development
because you know that you’re possibly
using vulnerable binaries or you’ve
chosen libraries which are outdated
that saves you that’s the quickest
switch because you can just immediately
swap your third-party dependencies
and then use more secure better updated
libraries
if you catch it during testing that’s
still fairly easy it has to be
redeveloped but you you’ve caught it
fairly
early in the development process if it
gets all the way to staging
or worst case production then not only
is it harder to fix with longer cycle
times
but you’re potentially exposing your
customers to risk once you hit in
production system and that can be quite
expensive so the goal here is
shift left with your security shift left
with your package management and
make sure that you have a secure
pipeline from end to end so that exactly
what you build in development
is what you’re testing in production so
having signed pipelines having a
secure end-to-end ci cd
excuse me it’s extremely important
okay and um i also run the partner team
at jfrog
and we talked about this at swamp up but
one of the things that we do
is we build a platform for end-to-end
visibility that centers around the jfrog
platform
so you can integrate a bunch of
different vendors like
dynatrace elastic splunk and datadog to
give you that hybrid multi-cloud
observability
into your business tie it back in with
notifications so if you have a security
vulnerability you can get notified in
your jira or slack so you’re shifting
left and letting teams know
about production issues or about
potential vulnerabilities
and then even integrate with your itsm
system like pagerduty or other
it service management systems where you
can
help to your production teams to better
manage these incidents in an
end-to-end system that supports
collaboration
supports itsm supports observability
with the platform
which handles security with x-ray which
is our security product
which handles package management and
s-bombs for supply chain security
which is artifactory and then finally
helps you to distribute to edge and
support the
um the billions of devices which we’re
going to need
to support our robot overlords who um
are going to be very happy when you’re
the one guy
who can support all of the machines and
be very efficient and running builds and
have these automated processes
versus having thousands of people
solving problems that the machines could
better solve so
basically by helping the robots reverse
the man-machine ratio
we will be the humans who the robots
rely upon will be that will be the folks
who are helping the robots
um and you know maybe we’ll help our
friends out as well to
to become better friends with the robots
personally
i i’m looking forward to to the new
generation where the robots take over
because
um we we have to educate and help the
young people to
um to be friends with the robots so this
is some kids workshops
which i run together with my daughter
where we teach people how to
kids and young folks how to how to build
and do software programming
using the now robots which are a great
interaction medium for
learning software development it’s also
great to engage
kids because they can kind of see and
interact with with robots
and they can they can learn to be
friends with their new robot overlords
because as we know
um the united nations is going to accept
them and then we as humans need to
accept them
and then be as productive and efficient
and automated as possible
so we can live harmonistically with our
new robot overlords and have a bright
future
with the um the ais of the future who
are going to help us to become even
better and
and accelerate the pace of innovation of
our entire industry
so i hope you learned a little bit about
kind of where things are headed
with the devops industry kind of how you
can accelerate your career by learning
more about
technologies like ci cd security
and help your organization to up level
what they’re doing with devops
and if you have any questions feel free
to shout those out in the youtube chat
as i said before um enter the raffle i
think you’ll have high chances
go to jprog.com devops live and then you
can win a chance of a book and t-shirt
combo
we’ll have 10 winners and thank you very
much for
for having me at devops live so um this
is this has been great to
to come out and virtually speak at
dallas i hope i’m able to
to come out in person in the future um
but
even even speaking virtually i think
this is a great opportunity so thanks
thanks very much for having me
thank you very much steven this this was
a great a great presentation
um i i was very much interested on
on the robots i i don’t know if you’ve
seen the
the presentation that they did on the
olympics with the robots
is it is it i don’t know if it was
something similar
because they they had some robots just
like the one you presented there
but bigger and interacting with people
and everything it was great
yeah so um the the parent company which
makes the
the now robot i showed um so that’s
aldebaran robotics they got bought by
softbank which is actually a huge
japanese
um software company they’re kind of a
software reseller and telecommunications
company
and they have a full-size humanoid
version of it called pepper
which you’ll see actually they have some
of them in the us as well but you’ll see
them in like um
in stores or kiosks as a way of
interacting with humans and i think the
nice thing about
their robots um i assume they’re the
ones who did the olympics as well i
didn’t i didn’t see the footage but
um the nice thing about their robots is
they’re they’re not
robots designed for machinery not
designed for to do like
like like automation they’re designed to
interact with
us right and i think
that’s what they were showing there that
that there was a person
behind the scenes with a bunch of
gadgets on their hands and the heads and
everything
and it was interacting with with the
people in the audience
and you know and putting emojis in their
eyes and stuff like that it was
yeah so something they found with the
research as well is um
for for certain um like medical
cases and folks who have trouble
interacting like autistic patients or
other folks
or sometimes the elderly these sort of
service
robots are are a really good way like um
kids who have trouble interacting with
humans they just light up and they they
they can really interact with with
robots
in ways which um it is really amazing so
i
i think it’s it’s great technology um
and
you know i think um you know i’m kind of
half joking about the singularity right
because
we we’re software developers we know how
stuff’s built
but um i think there’s a lot of
potential for
technology which aids humans in being
more efficient and
like interacting and i think even you
see the past year with kovid
there’s a whole bunch of technologies
which got accelerated by the need for
virtual interactions
for doing things entirely online where
previously
you’d have to physically go into a
doctor now we do telemedicine
you would have to even ordering systems
for doing online ordering
food ordering grocery ordering all got
super
convenient in the past year and this is
stuff which
probably would have taken another five
years or so to really hit prime time
and it just got accelerated by the need
that we have for this um
present at present right let’s see if
anybody in the audience has any
questions i haven’t seen any pop-up
but hopefully i think there’s only one
person
joining us right now
i i think we’re gonna probably cut this
one short
tonight but you know the presentation
was great and
i’m sure that other people will will
watch it later that couldn’t attend
no so they’re waiting they’re waiting to
um come to your in-person event next
month
yeah that’s what it is that’s probably
right
yeah so yeah so when it works out i’ll
have to come out there with one of my
robots and we’ll do it
oh for sure in person president yeah for
sure
we’d love to have you yeah i also i do
kids workshops too so we if you
if you um are interested we could do
some fun kids workshops too
we may need to talk about that because
uh there we have some things coming up
in the pipeline with kids
so definitely have to catch up and
connect on that one
well stephen thank you very much for
joining us and you have a great weekend
cool thanks so much mike and appreciate
it yeah devops live and to the austin
houston audience out there thank you
very much i mean dallas dallas audience
you have a great one